
You can open Discord in a private window in your browser to get another identity. On Linux, I can also recommend firejail with the --private= flag which allows you to have unlimited instances (well, limited by your RAM).



Please do not use firejail. The code used to have, and probably still has, very amateurish security flaws (like trusting the USER env var) and should definitely not have SUID, especially now that Linux is getting unprivileged namespacing.


I frankly don't understand what to trust when it comes to sandboxing in Linux.

On the one hand, there are SUID binaries like Firejail and on the other, we have bubblewrap which uses unprivileged user namespaces, also used by Podman and Docker rootless containers. However, linux-hardened disables unprivileged user namespaces by default and the Arch Wiki has warnings plastered all over the Podman page about potential security risks of using unpriv user namespaces.


I personally trust RedHat more with setting good defaults than random ArchLinux users (that also recommend firejail), considering the audience of RedHat (particularly some government agencies)


Security by authority must be one of the worst things in 2021, perhaps they are optimizing for DevEx (or whatever) rather than security.


Well yeah, and Microsoft is the world's most experienced software company and a superscaler who really knows how to secure infrastructure well, you really can't hope to compete with their security teams, right up to the part where their images come with a garbage port of their WMI garbage containing uncountably infinite LPEs and RCEs running with uid=0.


> I personally trust RedHat more with setting good defaults than random ArchLinux users (that also recommend firejail)

You speak as if these "random Arch Linux users" have written their opinions on the wiki rather than reasonable conclusions based on how unprivileged user namespaces have been a source of security vulnerabilities in the past and are still seen as a security risk.

Maybe try not to let your bias get in the way?


Systems that have implemented stricter sandboxing are in general far less trustworthy and I think the security discussion went out of scope here.


Thanks for the heads up! Is there anything (packaged easily for Debian) you'd recommend instead?


Your sibling comment has a few good ones.


Firefox Multi-Account Containers work for this too.


Agreed. I used to use Firefox Profiles like above comments may mention, but multi-account containers are great and far easier to use than re-launching Firefox instances. Simply click "Re-open this tab in..." while being on the Discord page to open up another account.


Does one really need a jailed or chrooted instance when you can just create profiles?

firefox -P <profilename>


For that matter, Firefox has "open in new private window" as a built-in option on its right-click context menu for links.

Also I have a "work" container I use for this type of thing, so that's also an option in my context menu.


The profiles have a separate history, password store, settings and extensions as a bonus.



